Merge branch 'release/2.0.7' into 'stable'v2.0.7

Release/2.0.7 See merge request pleroma/secteam/pleroma!8
author: rinpatch <rinpatch@sdf.org> 2020-06-13 09:07:02 +0000
committer: rinpatch <rinpatch@sdf.org> 2020-06-13 09:07:02 +0000
commit: f891e2b2f1d1daa122b9856e4b660be394d31e34 (patch)
tree: ed57c9e3ebf43d80a17a399baa54b01cd1c85eb9 /lib/pleroma/plugs
parent: 6c90fc8e70760bf8c58bb731ce294e9eee02f430 (diff)
parent: d050d21103d09fa62bd1ff1b6755c62980de3517 (diff)
download: pleroma-2.0.7.tar.gz
2 files changed, 9 insertions, 5 deletions
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 2208d1d6c..cad0ad4a0 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
         sources = get_proxy_and_attachment_sources()
         {[img_src, sources], [media_src, sources]}
       else
-        {img_src, media_src}
+        {[img_src, " https:"], [media_src, " https:"]}
       end
 
     connect_src = ["connect-src 'self' ", static_url, ?\s, websocket_url]
@@ -113,6 +113,10 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
         add_source(acc, host)
       end)
 
+    media_proxy_base_url =
+      if Config.get([:media_proxy, :base_url]),
+        do: URI.parse(Config.get([:media_proxy, :base_url])).host
+
     upload_base_url =
       if Config.get([Pleroma.Upload, :base_url]),
         do: URI.parse(Config.get([Pleroma.Upload, :base_url])).host
@@ -122,6 +126,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
         do: URI.parse(Config.get([Pleroma.Uploaders.S3, :public_endpoint])).host
 
     []
+    |> add_source(media_proxy_base_url)
     |> add_source(upload_base_url)
     |> add_source(s3_endpoint)
     |> add_source(media_proxy_whitelist)
diff --git a/lib/pleroma/plugs/instance_static.ex b/lib/pleroma/plugs/instance_static.ex
index 927fa2663..7516f75c3 100644
--- a/lib/pleroma/plugs/instance_static.ex
+++ b/lib/pleroma/plugs/instance_static.ex
@@ -3,6 +3,8 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Plugs.InstanceStatic do
+  require Pleroma.Constants
+
   @moduledoc """
   This is a shim to call `Plug.Static` but with runtime `from` configuration.
 
@@ -21,9 +23,6 @@ defmodule Pleroma.Plugs.InstanceStatic do
     end
   end
 
-  @only ~w(index.html robots.txt static emoji packs sounds images instance favicon.png sw.js
-  sw-pleroma.js)
-
   def init(opts) do
     opts
     |> Keyword.put(:from, "__unconfigured_instance_static_plug")
@@ -31,7 +30,7 @@ defmodule Pleroma.Plugs.InstanceStatic do
     |> Plug.Static.init()
   end
 
-  for only <- @only do
+  for only <- Pleroma.Constants.static_only_files() do
     at = Plug.Router.Utils.split("/")
 
     def call(%{request_path: "/" <> unquote(only) <> _} = conn, opts) do
author	rinpatch <rinpatch@sdf.org>	2020-06-13 09:07:02 +0000
committer	rinpatch <rinpatch@sdf.org>	2020-06-13 09:07:02 +0000
commit	f891e2b2f1d1daa122b9856e4b660be394d31e34 (patch)
tree	ed57c9e3ebf43d80a17a399baa54b01cd1c85eb9 /lib/pleroma/plugs
parent	6c90fc8e70760bf8c58bb731ce294e9eee02f430 (diff)
parent	d050d21103d09fa62bd1ff1b6755c62980de3517 (diff)
download	pleroma-2.0.7.tar.gz